Long live traditional network security!!!

2024

 

Let me take you back to the time of castles and battles.

Castles were built to be as strong and as defensible as possible, so that getting inside and taking the castle became almost impossible. Most castles were therefore equipped with a moat, several ramparts, high walls, small windows, ... Layer upon layer was added, and each layer provided additional security.

We see the same kind of layered security (defence in depth) in traditional network security. And the principle works very well, as long as the attack comes from outside the perimeter.

But what if the intruder is already inside, and you have absolutely no idea....

 

Back to our castle and its inhabitants for a moment.

Is it wise for us to blindly trust every single inhabitant of the castle? And perhaps more importantly, do we know how many people are in the castle? And what do we do with guests?

Do we have a view on this? How can we be sure that no malicious activity is taking place under our noses?

 

And what if it then goes wrong....

Take, for example, the lessons Maastricht University drew from the ransomware attack it suffered in December 2019. Could this have been prevented with more 'oversight' within the castle walls?

https://www.surf.nl/wat-universiteit-maastricht-leerde-van-de-ransomwareaanval-deel-1

What if we rethink our security strategy and no longer secure only from the outside in, but also from inside the castle outwards: watching what happens between its inhabitants and what leaves the walls?

 

What if we no longer blindly trust anyone. What if we adopt Zero Trust principles...

The basic idea behind Zero Trust is the assumption that no device and no user is trustworthy until proven otherwise. But we need to go one step further than that.

There is no more blind trust. The fact that someone entered the castle through a bond of trust (authentication and authorization) does not mean we stop watching and checking (monitoring and adapting) whether "weird" activity is going on after all.

In fact, the bottom line is that we won't “really” trust anything or anyone anymore.

Of course, this sounds pretty harsh, but in this way, we give users safe and controlled access to our "castle" and all the resources inside.

By using a Zero Trust Framework we can secure our castle even better and more efficiently: not only against attacks from the outside, but also by stopping and containing attacks from the inside.

The Zero Trust Framework requires all users and devices, inside or outside the organization, to be authenticated, authorized, and continuously validated before they are granted or maintained access to applications and data within the network.

Zero Trust assumes that there is no longer a traditional network edge; networks can be local, in the cloud, or a combination of the two with resources and employees in all possible locations.

 

Now what can Quant ICT do for you?

We make sure that a user (internal or guest) or a device (IoT) is identified through an authentication process. This can be done with 802.1X or with other techniques such as MPSK (a separate pre-shared key per device or device group), a captive portal, ...

Once identification is done, we assign a role that carries a certain set of privileges. This is a fully automatic process.

A role is a logical grouping of privileges that is assigned once the identity of a user or device is established. These privileges can cover access (or not) to certain applications; which other devices or users may be communicated with, within the network and within the same segment (dynamic segmentation, routing); and privileges that change at certain hours (allowing YouTube/Facebook during the lunch break) or on certain days (what is an end user doing on the internal network on a Sunday afternoon?), ...

So we assign privileges to an identity, and that identity is independent of its location. It is not because person X/Y/Z works from home that different rules automatically apply. That is possible, but it does not have to be.

This whole process is monitored continuously, so that we always know who and/or what is on the network. We keep verifying the identity of users and devices in particular, in order to spot anomalies in time and make adjustments where necessary.
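As an added illustration (example code written for this article, not Quant ICT's product, configuration or any vendor's data model): a small Python policy model of the identity, role and privilege chain described above. It maps the authentication method to a role, evaluates requests against privileges with a lunch-break window, a weekday-only rule and an office-only resource, and moves a session to a quarantine role when it keeps asking for things outside its role. The role names, the resources, the three-denial threshold and the sample identities are all assumptions made for the example.

```python
"""Role-based, time- and location-aware access policy with a quarantine step.
Illustrative model only; every role, resource and threshold below is assumed."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional


@dataclass(frozen=True)
class AuthEvent:
    """Outcome of the identification step (constructed sample values)."""
    subject: str      # user name or device MAC address
    method: str       # "802.1X", "MPSK" or "captive-portal"
    location: str     # "office" or "home"


def assign_role(ev: AuthEvent) -> str:
    """Map the authentication method to a role; unknown methods get least privilege."""
    return {"802.1X": "employee", "MPSK": "iot", "captive-portal": "guest"}.get(ev.method, "quarantine")


@dataclass(frozen=True)
class Privilege:
    resource: str
    start: Optional[time] = None            # time-of-day window; None means any time
    end: Optional[time] = None              # None with a start means "until end of day"
    weekdays_only: bool = False
    locations: Optional[frozenset] = None   # None means the location does not matter


# A role is a logical grouping of privileges (assumed contents).
ROLE_PRIVILEGES = {
    "employee": (
        Privilege("erp", weekdays_only=True),
        Privilege("printers", locations=frozenset({"office"})),   # location matters here
        Privilege("internet"),
        Privilege("youtube", start=time(12, 0), end=time(13, 0)),  # lunch break only
    ),
    "iot": (Privilege("iot-controller"),),   # a sensor talks to its controller and nothing else
    "guest": (Privilege("internet"),),
    "quarantine": (),                        # contained: no privileges at all
}


def _matches(p: Privilege, resource: str, now: datetime, location: str) -> bool:
    if p.resource != resource:
        return False
    if p.weekdays_only and now.weekday() >= 5:          # 5 = Saturday, 6 = Sunday
        return False
    if p.locations is not None and location not in p.locations:
        return False
    if p.start is not None and not (p.start <= now.time() < (p.end or time.max)):
        return False
    return True


def is_allowed(role: str, resource: str, now: datetime, location: str) -> bool:
    return any(_matches(p, resource, now, location) for p in ROLE_PRIVILEGES.get(role, ()))


@dataclass
class Session:
    subject: str
    role: str
    location: str
    denied_in_a_row: int = 0


def start_session(ev: AuthEvent) -> Session:
    return Session(ev.subject, assign_role(ev), ev.location)


DENIAL_THRESHOLD = 3   # assumed: three consecutive out-of-policy requests look like probing


def request(session: Session, resource: str, now: datetime) -> bool:
    """Evaluate one request; keep watching the session and contain it on anomalies."""
    allowed = is_allowed(session.role, resource, now, session.location)
    if allowed:
        session.denied_in_a_row = 0
    else:
        session.denied_in_a_row += 1
        if session.denied_in_a_row >= DENIAL_THRESHOLD:
            session.role = "quarantine"   # the identity is contained, not just this request
    return allowed


def at(iso: str) -> datetime:
    return datetime.fromisoformat(iso)


def run_demo() -> list:
    """Constructed scenario: an employee working from home and an MPSK sensor that probes."""
    lunch, afternoon, sunday = at("2024-06-10T12:30:00"), at("2024-06-10T15:00:00"), at("2024-06-09T15:00:00")
    alice = start_session(AuthEvent("alice", "802.1X", "home"))
    sensor = start_session(AuthEvent("aa:bb:cc:dd:ee:ff", "MPSK", "office"))
    return [
        ("alice", "youtube during lunch", request(alice, "youtube", lunch)),
        ("alice", "youtube at 15:00", request(alice, "youtube", afternoon)),
        ("alice", "erp on Sunday", request(alice, "erp", sunday)),
        ("alice", "erp on Monday from home", request(alice, "erp", afternoon)),
        ("alice", "printers from home", request(alice, "printers", afternoon)),
        ("sensor", "iot-controller", request(sensor, "iot-controller", afternoon)),
        ("sensor", "erp", request(sensor, "erp", afternoon)),
        ("sensor", "printers", request(sensor, "printers", afternoon)),
        ("sensor", "internet", request(sensor, "internet", afternoon)),
        ("sensor", "iot-controller after probing", request(sensor, "iot-controller", afternoon)),
    ]


if __name__ == "__main__":
    for subject, what, decision in run_demo():
        print(f"{subject:7} {what:32} {'allow' if decision else 'deny'}")
```

The last line of the demo is the point of the "continuous" part: the sensor's own controller was reachable at first, but after three requests outside its role the session is moved to the quarantine role and even that access is gone until someone looks at the device. In a real deployment the role change would be pushed to the switch or wireless controller (for example as a VLAN or policy change) rather than kept in a Python object.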

 

So, in short, what Zero Trust is all about:

  • Visualizing: understanding who and what is on the network (authentication) and which resources they are allowed to access (authorization).

     

  • Limiting: detecting breaches, stopping them, or at least limiting their consequences (quarantine).

     

  • Optimize: Extend security throughout the network, regardless of the end user's location, while further optimizing the end user experience and the internal IT organization.

     

  • And this entire security process is not a one-time check, but a continuous process!!!

 

Kurt Neven